VULHUB ™

It has been reported that cPanels' openwebmail package, distributed as part of the cPanel CGI application, is vulnerable to an external file include vulnerability. Exploitation of this issue may result in local user privilage escalation. By manipulating environment variables a local attacker may supply, as an include file, an arbitrary local perl-script. This may make it possible to execute the included script with the rights of the openwebmail 'oom' script, which is by default setuid root. This vulnerability has been reported to affect cPanel version 5 however, previous versions may also be affected.

It has been reported that cPanels' openwebmail package, distributed as part of the cPanel CGI application, is vulnerable to an external file include vulnerability. Exploitation of this issue may result in local user privilage escalation. By manipulating environment variables a local attacker may supply, as an include file, an arbitrary local perl-script. This may make it possible to execute the included script with the rights of the openwebmail 'oom' script, which is by default setuid root. This vulnerability has been reported to affect cPanel version 5 however, previous versions may also be affected.